Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 439a5396 by security tracker role at 2018-01-16T21:10:25+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1,11 +1,46 @@ -CVE-2018-5704 +CVE-2018-5720 RESERVED -CVE-2018-5703 [KASAN: slab-out-of-bounds Write in tcp_v6_syn_recv_sock] +CVE-2018-5719 RESERVED +CVE-2018-5718 + RESERVED +CVE-2018-5717 + RESERVED +CVE-2018-5716 + RESERVED +CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query ...) + TODO: check +CVE-2018-5714 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows ...) + TODO: check +CVE-2018-5713 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows ...) + TODO: check +CVE-2018-5712 (An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, ...) + TODO: check +CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP ...) + TODO: check +CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...) + TODO: check +CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. ...) + TODO: check +CVE-2018-5708 + RESERVED +CVE-2018-5707 + RESERVED +CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with ...) + TODO: check +CVE-2018-5705 + RESERVED +CVE-2018-1000003 + RESERVED +CVE-2018-1000002 + RESERVED +CVE-2018-5704 (Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use ...) + TODO: check +CVE-2018-5703 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...) - linux <unfixed> NOTE: https://lkml.org/lkml/2018/1/16/53 -CVE-2017-18032 - RESERVED +CVE-2017-18032 (The download-manager plugin before 2.9.52 for WordPress has XSS via the ...) + TODO: check CVE-2018-5701 RESERVED CVE-2018-5700 (Winmail Server through 6.2 allows remote code execution by ...) 
@@ -732,8 +767,8 @@ CVE-2018-5372 (The Testimonial Slider plugin through 1.2.4 for WordPress has SQL NOT-FOR-US: Testimonial Slider plugin for WordPress CVE-2018-5371 (diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ...) NOT-FOR-US: D-Link -CVE-2018-5370 - RESERVED +CVE-2018-5370 (BizLogic xnami 1.0 has XSS via the comment parameter in an addComment ...) + TODO: check CVE-2018-5369 (The SrbTransLatin plugin 1.46 for WordPress has XSS via an ...) NOT-FOR-US: SrbTransLatin plugin for WordPress CVE-2018-5368 (The SrbTransLatin plugin 1.46 for WordPress has CSRF via an ...) @@ -793,9 +828,10 @@ CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has unauthenticate NOT-FOR-US: Seagate Media Server in Seagate Personal Cloud CVE-2018-5346 RESERVED -CVE-2018-1000004 [ALSA: seq: Make ioctls race-free] +CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a ...) - linux <unfixed> CVE-2018-1000001 [Libc Realpath Buffer Underflow] + RESERVED - glibc 2.26-4 (bug #887001) [stretch] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release) [jessie] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release) @@ -856,8 +892,8 @@ CVE-2017-1000439 REJECTED CVE-2018-5331 (Discuz! DiscuzX X3.4 has XSS via the view parameter to ...) NOT-FOR-US: Discuz! -CVE-2018-5330 - RESERVED +CVE-2018-5330 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of ...) + TODO: check CVE-2018-5329 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site ...) NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET CVE-2018-5328 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various ...) 
@@ -11195,8 +11231,8 @@ CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, s NOT-FOR-US: GeniXCMS CVE-2017-17430 (Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows ...) NOT-FOR-US: Sangoma NetBorder / Vega Session Controller -CVE-2017-17429 - RESERVED +CVE-2017-17429 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the ...) + TODO: check CVE-2017-17428 RESERVED NOT-FOR-US: Cisco ACE @@ -16103,24 +16139,24 @@ CVE-2017-16559 RESERVED CVE-2017-16558 RESERVED -CVE-2017-16557 - RESERVED -CVE-2017-16556 - RESERVED -CVE-2017-16555 - RESERVED -CVE-2017-16554 - RESERVED -CVE-2017-16553 - RESERVED -CVE-2017-16552 - RESERVED -CVE-2017-16551 - RESERVED -CVE-2017-16550 - RESERVED -CVE-2017-16549 - RESERVED +CVE-2017-16557 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...) + TODO: check +CVE-2017-16556 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be ...) + TODO: check +CVE-2017-16555 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...) + TODO: check +CVE-2017-16554 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...) + TODO: check +CVE-2017-16553 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...) + TODO: check +CVE-2017-16552 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...) + TODO: check +CVE-2017-16551 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...) + TODO: check +CVE-2017-16550 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...) + TODO: check +CVE-2017-16549 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...) + TODO: check CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...) {DSA-4068-1 DLA-1218-1} - rsync 3.1.2-2.1 (bug #880954) 
@@ -19595,7 +19631,7 @@ CVE-2017-15326 RESERVED CVE-2017-15325 RESERVED -CVE-2017-15324 (Huawei S12700 V200R006C00, V200R007C00, V200R007C01, V200R007C20, ...) +CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS ...) NOT-FOR-US: Huawei CVE-2017-15323 RESERVED @@ -20222,7 +20258,7 @@ CVE-2017-15126 (A use-after-free flaw was found in fs/userfaultfd.c in the Linux CVE-2017-15125 RESERVED NOT-FOR-US: Red Hat CloudForms -CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) before 2.14.3 was ...) +CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older ...) - qemu <unfixed> (bug #884806) [stretch] - qemu <postponed> (Can be fixed along in later update) [jessie] - qemu <postponed> (Can be fixed along in later update) @@ -32502,8 +32538,8 @@ CVE-2017-11074 RESERVED CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) NOT-FOR-US: Qualcomm components for Android -CVE-2017-11072 - RESERVED +CVE-2017-11072 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + TODO: check CVE-2017-11071 RESERVED CVE-2017-11070 @@ -39336,8 +39372,8 @@ CVE-2017-8804 (The xdr_bytes and xdr_string functions in the GNU C Library (aka NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html CVE-2017-8803 (Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow ...) NOT-FOR-US: Notepad++ -CVE-2017-8802 - RESERVED +CVE-2017-8802 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...) + TODO: check CVE-2017-8801 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build ...) NOT-FOR-US: Trend Micro CVE-2017-8800 
@@ -95612,16 +95648,16 @@ CVE-2016-0221 (Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as us NOT-FOR-US: IBM CVE-2016-0220 RESERVED -CVE-2016-0219 - RESERVED +CVE-2016-0219 (XML external entity (XXE) vulnerability in IBM Rational Team Concert ...) + TODO: check CVE-2016-0218 (IBM Cognos Business Intelligence and IBM Cognos Analytics are ...) NOT-FOR-US: IBM CVE-2016-0217 (IBM Cognos Business Intelligence and IBM Cognos Analytics are ...) NOT-FOR-US: IBM CVE-2016-0216 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...) NOT-FOR-US: IBM -CVE-2016-0215 - RESERVED +CVE-2016-0215 (IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, ...) + TODO: check CVE-2016-0214 (IBM Tivoli Endpoint Manager could allow a remote attacker to upload ...) NOT-FOR-US: IBM CVE-2016-0213 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...) @@ -95636,8 +95672,8 @@ CVE-2016-0209 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal NOT-FOR-US: IBM CVE-2016-0208 (IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and ...) NOT-FOR-US: IBM -CVE-2016-0207 - RESERVED +CVE-2016-0207 (IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 ...) + TODO: check CVE-2016-0206 (IBM Cloud Orchestrator could allow a local authenticated attacker to ...) NOT-FOR-US: IBM CVE-2016-0205 
@@ -99361,12 +99397,12 @@ CVE-2015-7488 (IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0. NOT-FOR-US: IBM CVE-2015-7487 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 ...) NOT-FOR-US: IBM -CVE-2015-7486 - RESERVED -CVE-2015-7485 - RESERVED -CVE-2015-7484 - RESERVED +CVE-2015-7486 (Cross-site scripting (XSS) vulnerability in IBM Rational Engineering ...) + TODO: check +CVE-2015-7485 (Cross-site scripting (XSS) vulnerability in IBM Rational Engineering ...) + TODO: check +CVE-2015-7484 (IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 ...) + TODO: check CVE-2015-7483 RESERVED CVE-2015-7482 @@ -99385,8 +99421,8 @@ CVE-2015-7476 RESERVED CVE-2015-7475 RESERVED -CVE-2015-7474 - RESERVED +CVE-2015-7474 (Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM ...) + TODO: check CVE-2015-7473 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to ...) NOT-FOR-US: IBM CVE-2015-7472 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...) @@ -120412,8 +120448,7 @@ CVE-2014-XXXX [denial of service with specific packets] NOTE: https://redmine.openinfosecfoundation.org/issues/1272 NOTE: https://github.com/inliniac/libhtp/commit/4acebf251bb6c8343dd5f37f1b48cb38fec4fed4 NOTE: CVE Request: http://seclists.org/oss-sec/2014/q4/1035 -CVE-2014-9485 [miniunzip directory traversal] - RESERVED +CVE-2014-9485 (Directory traversal vulnerability in the do_extract_currentfile ...) - minizip 1.1-5 (low; bug #774321) CVE-2014-9426 (** DISPUTED ** The apprentice_load function in libmagic/apprentice.c ...) NOTE: Disputed PHP issue to be rejected, code wasn't present in squeeze/wheezy or file (PHP-specific) 
@@ -120438,8 +120473,7 @@ CVE-2014-9414 (The W3 Total Cache plugin before 0.9.4.1 for WordPress does not . NOT-FOR-US: WordPress plugin W3 Total Cache CVE-2014-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the IP ...) NOT-FOR-US: IP Ban (simple-ip-ban) plugin for WordPress -CVE-2014-9482 [dwarfdump use after free] - RESERVED +CVE-2014-9482 (Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through ...) - dwarfutils <not-affected> (Vulnerable code introduced later, see bug #774530) NOTE: http://www.openwall.com/lists/oss-security/2014/12/31/3 CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ...) @@ -130522,8 +130556,7 @@ CVE-2014-6073 RESERVED CVE-2014-6072 RESERVED -CVE-2014-6071 [cross-site scripting flaw] - RESERVED +CVE-2014-6071 (jQuery 1.4.2 allows remote attackers to conduct cross-site scripting ...) - jquery 1.6.1-1 [squeeze] - jquery <no-dsa> (Only exploitable when following anti-patterns) NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=1136683#c2 @@ -131782,8 +131815,7 @@ CVE-2014-6028 (TorrentFlux 2.4 allows remote authenticated users to obtain other - torrentflux <removed> (bug #759573) [wheezy] - torrentflux <no-dsa> (Minor issue) [squeeze] - torrentflux <no-dsa> (Minor issue) -CVE-2014-6027 [XSS] - RESERVED +CVE-2014-6027 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 ...) - torrentflux <removed> (bug #759574) [wheezy] - torrentflux <no-dsa> (Minor issue) [squeeze] - torrentflux <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/439a53961182eb6108b887c4867d700b705cf07a --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/439a53961182eb6108b887c4867d700b705cf07a You're receiving this email because of your account on salsa.debian.org.
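Review bot: in the first hunk (@@ -1,11 +1,46 @@) several of the new "TODO: check" placeholders cover software Debian ships, so they need a real triage line rather than staying as TODOs: CVE-2018-5712 (PHP before 5.6.33 / 7.0.x before 7.0.27), CVE-2018-5711 (libgd, as used in PHP), CVE-2018-5710 and CVE-2018-5709 (MIT krb5 through 1.16) and CVE-2018-5704 (OpenOCD 0.10.0) should each get a package/version line in the file's own "- <package> <status>" form, as "- linux <unfixed>" is for CVE-2018-5703 in the same hunk. Conversely CVE-2018-5714 and CVE-2018-5713 (a Windows driver, zam64.sys, in Malwarefox Anti-Malware) and CVE-2017-18032 (the download-manager plugin for WordPress) fit the "NOT-FOR-US: <vendor> plugin for WordPress" convention used for the neighbouring WordPress plugin entries and can be closed out that way.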
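Review bot: in the hunk at @@ -793,9 +828,10 @@, replacing the bracketed title of CVE-2018-1000004 drops the only pointer to the upstream fix: the removed "[ALSA: seq: Make ioctls race-free]" reads as the upstream patch subject, and after the change the entry keeps only "- linux <unfixed>" with no NOTE line. Suggest preserving it as a NOTE line (e.g. "NOTE: upstream fix: ALSA: seq: Make ioctls race-free") so the fix can still be located when the fixed version is recorded; CVE-2018-5703 in the first hunk shows the better pattern, since it kept its "NOTE: https://lkml.org/lkml/2018/1/16/53" line when its bracketed title was replaced. The added "RESERVED" under CVE-2018-1000001 alongside the existing glibc lines is consistent with how the file already pairs RESERVED with triage lines (compare CVE-2017-17428 further down), so no change is needed there.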
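Review bot: the hunk at @@ -16103,24 +16139,24 @@ turns nine reserved ids (CVE-2017-16549 through CVE-2017-16557) into "TODO: check" entries that all describe the same product, K7 Antivirus Premium before 15.1.0.53, a proprietary Windows antivirus that is not packaged in Debian. They can be resolved in one pass with the file's "NOT-FOR-US: <vendor>" form (for example "NOT-FOR-US: K7 Antivirus") rather than nine separate TODOs; the same applies to CVE-2017-17429 in the hunk at @@ -11195,8 +11231,8 @@, which concerns the same product and version.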
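Review bot: in the hunk at @@ -32502,8 +32538,8 @@ the new description of CVE-2017-11072 ("In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...") is identical, apart from capitalisation, to the unchanged CVE-2017-11073 entry directly above it, which is already marked "NOT-FOR-US: Qualcomm components for Android". The "TODO: check" on CVE-2017-11072 can therefore be replaced with the same NOT-FOR-US line instead of being left for a separate triage round.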
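Review bot: in the hunks at @@ -95612,16 +95648,16 @@ and @@ -95636,8 +95672,8 @@, the newly described CVE-2016-0219 (IBM Rational Team Concert), CVE-2016-0215 (IBM DB2) and CVE-2016-0207 (IBM Algorithmics One-Algo Risk Application) are surrounded on both sides by entries already closed as "NOT-FOR-US: IBM". Since none of these products is shipped in Debian, the "TODO: check" lines can be replaced with "NOT-FOR-US: IBM" to match the adjacent entries.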
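Review bot: the same situation holds for the hunks at @@ -99361,12 +99397,12 @@ and @@ -99385,8 +99421,8 @@: CVE-2015-7486, CVE-2015-7485 and CVE-2015-7484 (IBM Rational Engineering Lifecycle Manager) and CVE-2015-7474 (Jazz Foundation in IBM products) sit between entries marked "NOT-FOR-US: IBM" and concern proprietary IBM products, so their "TODO: check" lines can be resolved as "NOT-FOR-US: IBM" rather than carried forward as open triage items.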
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits